H.323 Inspection Overview; How H.323 Works - Cisco 7604 Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI

H.323 Inspection

Related topics in this section:
H.225 Map Commands
Enabling and Configuring H.323 Inspection
Configuring H.323 and H.225 Timeout Values
Verifying and Monitoring H.323 Inspection
H.323 GUP Support
H.323 Sample Configuration

H.323 Inspection Overview

H.323 inspection provides support for H.323-compliant applications such as Cisco CallManager and
VocalTec Gatekeeper. H.323 is a suite of protocols defined by the International Telecommunication
Union for multimedia conferences over LANs. The FWSM supports H.323 through Version 4, including
the H.323 v3 feature Multiple Calls on One Call Signaling Channel. H.323 Gatekeeper Update
Protocol (GUP) inspection is also supported. Because GUP is a Cisco proprietary protocol, H.323-GUP
inspection is relevant only in topologies where Cisco Gatekeeper devices are employed.

With H.323 inspection enabled, the FWSM supports multiple calls on the same call signaling channel, a
feature introduced with H.323 Version 3. This feature reduces call setup time and reduces the use of ports
on the FWSM.

The two major functions of H.323 inspection are as follows:

NAT the necessary embedded IPv4 addresses in the H.225 and H.245 messages. Because H.323 messages are encoded in PER encoding format, the FWSM uses an ASN.1 decoder to decode the H.323 messages.
Dynamically allocate the negotiated H.245 and RTP/RTCP connections.

How H.323 Works

The H.323 protocols collectively may use up to two TCP connections and four to six UDP connections.
FastConnect uses only one TCP connection. RAS uses a single UDP connection for registration,
admissions, and status.

An H.323 client may initially establish a TCP connection to an H.323 server using TCP port 1720 to
request Q.931 call setup. As part of the call setup process, the H.323 terminal supplies a port number to
the client to use for an H.245 TCP connection. In environments where an H.323 gatekeeper is in use, the
initial packet is transmitted using UDP.

H.323 inspection monitors the Q.931 TCP connection to determine the H.245 port number. If the H.323
terminals are not using FastConnect, the FWSM dynamically allocates the H.245 connection based on
the inspection of the H.225 messages.

Within each H.245 message, the H.323 endpoints exchange port numbers that are used for subsequent
UDP data streams. H.323 inspection inspects the H.245 messages to identify these ports and dynamically
creates connections for the media exchange. RTP uses the negotiated port number, while RTCP uses the
next higher port number.

The H.323 control channel handles H.225, H.245, and H.323 RAS. H.323 inspection uses the
following ports.

UDP port 1718—Gate Keeper Discovery
UDP port 1719—RAS
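
The chain of dynamic allocations described under How H.323 Works (Q.931 on TCP 1720, then the negotiated H.245 port, then RTP and RTCP) can be modeled as a small state table. This is an added example, not Cisco code or FWSM behavior in detail: the class and method names, the addresses, and the ports other than 1720 are constructed, the signaling events are assumed to be already decoded from PER, and TCP 1720 is assumed to be permitted by an access rule.

```python
from dataclasses import dataclass, field

Q931_PORT = 1720  # TCP port for Q.931 call setup, as stated in the text


@dataclass
class H323Inspector:
    """Toy model (hypothetical names): flows that signaling has negotiated."""
    h245_channels: set = field(default_factory=set)  # (ip, tcp_port)
    media: set = field(default_factory=set)          # (ip, udp_port)

    def on_h225(self, signaling_port, h245_ip, h245_port):
        """An H.225 message on the Q.931 connection advertised an H.245 port."""
        if signaling_port != Q931_PORT:
            return False  # not the inspected call signaling channel
        self.h245_channels.add((h245_ip, h245_port))
        return True

    def on_h245(self, channel, media_ip, rtp_port):
        """An H.245 message advertised a port for a UDP media stream."""
        if channel not in self.h245_channels:
            return False  # H.245 channel was never negotiated over Q.931
        if not 1 <= rtp_port <= 65534:
            return False  # no valid "next higher" port left for RTCP
        self.media.add((media_ip, rtp_port))      # RTP: negotiated port
        self.media.add((media_ip, rtp_port + 1))  # RTCP: next higher port
        return True

    def permits(self, proto, dst_ip, dst_port):
        """Decide whether a new connection matches the signaling state."""
        if proto == "tcp":  # assumption: an access rule permits TCP 1720
            return dst_port == Q931_PORT or (dst_ip, dst_port) in self.h245_channels
        return proto == "udp" and (dst_ip, dst_port) in self.media


def demo():
    """Replay one constructed call (192.0.2.0/24 is a documentation range)."""
    fw, callee = H323Inspector(), "192.0.2.10"
    before = fw.permits("udp", callee, 20000)        # media before any signaling
    fw.on_h225(Q931_PORT, callee, 11000)             # H.245 port from call setup
    untracked = fw.on_h245((callee, 11999), callee, 30000)  # unknown H.245 channel
    fw.on_h245((callee, 11000), callee, 20000)       # media negotiated on H.245
    return {"before": before, "untracked": untracked,
            "h245": fw.permits("tcp", callee, 11000),
            "rtp": fw.permits("udp", callee, 20000),
            "rtcp": fw.permits("udp", callee, 20001),
            "other": fw.permits("udp", callee, 20002)}
```

Only the three negotiated flows are admitted in addition to the signaling port, which is why inspection avoids a static rule covering a wide UDP range for media.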
Chapter 22
Applying Application Layer Protocol Inspection
OL-20748-01
